Efficient triggering of Trojan hardware logic

Abstract: The detection of malicious hardware logic (hardware Trojan) requires test patterns that succeed in exciting the malicious logic part. Testing of all possible input patterns is often prohibitively expensive. As an alternative, we explored previously the applicability of the combinatorial testing principles.In this paper, we turn our focus on the efficiency of this approach for triggering the hidden malicious logic. We present a series of experiments with Trojan designs of various activation patterns and lengths… Show more

“…As a result, non-destructive methods are needed to provide post-fabrication tests on all the production before deployment in the field. Related approaches are classified into sidechannel analysis [14][15][16][17][18][19], logic testing [20][21][22][23][24][25][26][27] and visual inspection [28] (not present in Fig. 2).…”

“…Logic-testing methods are therefore dedicated to HTs that change the functionality of an IC. It is generally agreed that, in order to evade detection during manufacturing test, an attacker creates a HT that is dormant until a stealthy condition triggers it [20][21][22][23][24][25][26][27]. The goal of detections methods is then to be able to activate potential HTs within a reasonable test time, i.e.…”

“…More recently, it was assumed in [25] that, in the specific case of cryptographic circuits, since the key bits are unknown to the attacker, he/she cannot control the signals influenced by key bits and therefore cannot use such signals as trigger inputs. Another assumption in [26,27] is that an attacker may not have access to the internal signals of an IC. The HT's trigger is in that case connected directly to the primary inputs.…”

“…Similarly, it was assumed in [26,27] that an attacker may not have access to the internal signals of an IC. The HT's trigger is in that case connected directly to the primary inputs of the IC.…”

“…To the best of our knowledge, identification of rare conditions composed of controllable signals has not been intensively explored. In [21,[25][26][27], the controllability of individual signals in the circuit is not taken into account.…”

Protection Against Hardware Trojans With Logic Testing: Proposed Solutions and Challenges Ahead

“…As a result, non-destructive methods are needed to provide post-fabrication tests on all the production before deployment in the field. Related approaches are classified into sidechannel analysis [14][15][16][17][18][19], logic testing [20][21][22][23][24][25][26][27] and visual inspection [28] (not present in Fig. 2).…”

“…Logic-testing methods are therefore dedicated to HTs that change the functionality of an IC. It is generally agreed that, in order to evade detection during manufacturing test, an attacker creates a HT that is dormant until a stealthy condition triggers it [20][21][22][23][24][25][26][27]. The goal of detections methods is then to be able to activate potential HTs within a reasonable test time, i.e.…”

“…More recently, it was assumed in [25] that, in the specific case of cryptographic circuits, since the key bits are unknown to the attacker, he/she cannot control the signals influenced by key bits and therefore cannot use such signals as trigger inputs. Another assumption in [26,27] is that an attacker may not have access to the internal signals of an IC. The HT's trigger is in that case connected directly to the primary inputs.…”

“…Similarly, it was assumed in [26,27] that an attacker may not have access to the internal signals of an IC. The HT's trigger is in that case connected directly to the primary inputs of the IC.…”

“…To the best of our knowledge, identification of rare conditions composed of controllable signals has not been intensively explored. In [21,[25][26][27], the controllability of individual signals in the circuit is not taken into account.…”

Protection Against Hardware Trojans With Logic Testing: Proposed Solutions and Challenges Ahead

Hardware Trojan Attacks and Countermeasures

A Hybrid FPGA Trojan Detection Technique Based-on Combinatorial Testing and On-chip Sensing